CVE-2025-36513: Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in...

4.3 CVSS

Description

Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.

Classification

CVE ID: CVE-2025-36513

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem Types

Cross-site request forgery (CSRF)

Affected Products

Vendor: i-PRO Co., Ltd.

Product: Surveillance cameras provided by i-PRO Co., Ltd.

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.16% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-36513
https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisories
https://jvn.jp/en/jp/JVN10964289/

Timeline

2025-06-06 05:40:17 UTC
CVE

Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in...